Last week, the tech industry was rocked by news that not one but two major flaws had been discovered in the basic design of Intel CPUs. While these bugs were related, they had different exploits attached to them, termed "Spectre" and "Meltdown." This has, in turn, had the industry scrambling to understand what's going on with the bugs and how to deal with them.
This is an ongoing news item, but we wanted to briefly summarize what's going on, how the Spectre and Meltdown bugs might affect you, and what's being done to mitigate the damage.
A Quick Overview Of The Spectre And Meltdown Intel CPU Bugs
1 - What is the bug?
Both Spectre and Meltdown relate to the same core flaw in Intel CPUs, relating to how they handle calls for access to the CPU's memory systems. If exploited, the bugs could allow attackers to bypass most security measures and gain direct access to the copy of the Operating System kernel being held in the computer's memory. In turn, this could lead to a variety of attacks bypassing security systems.
The exact details have not been released publicly, for obvious reasons, although Intel is sharing the information with those who need to know.
2 - What's affected?
This is the really bad news: Pretty much any system running any Intel chip, either 32- or 64-bit, from the last 10-15 years. On top of that, some ARM systems also share the bug. It currently appears that AMD systems are not affected, but this is still being researched.
It's vital to understand that this is a hardware bug which can theoretically be exploited in any OS environment. Whether Windows, MacOS, Linux, ChromeOS, or whatever else - if it's running a halfway modern Intel chip, it's probably vulnerable.
3 - What exploits have been released?
This is the good news: None that we are aware of. Intel seems to have successfully kept a lid on the bug long enough that OS developers and other software companies have been able to work around it.
4 - What do I need to do to fix the issue?
Strictly speaking, as a hardware bug, it cannot be fixed. At least not beyond buying the next generation of CPUs. However, patches are already being deployed by all major OS companies to change how they handle CPU kernel calls and mitigate the problem. If you already regularly install security updates as they are released, you should be fine.
If you screen your updates, or you're running a less-common OS (like various niche *nix builds) you'll want to do some research online to find a patch and install it ASAP.
That's the other bad news. The exploit involved using a feature intended to speed up OS calls to the CPU, and the workaround is to disable that feature. That means a loss of performance.
Unfortunately, it's very hard to predict how much of an impact the patch will have on your performance. Depending on a wide variety of factors, ranging from your hardware to the type of work you're doing, the performance drop can range from only around 1% to potentially 20% or more. Reportedly, Virtual Machines and cloud applications are being hit the hardest.
The OS developers are well aware of the issue, however, and are at work finding ways to minimize the performance drop. Presumably, more patches will be forthcoming.
Do you have more questions or concerns about Spectre and Meltdown? Contact Hummingbird Networks and we'll try to help!